A recent and widely reported news story, concerning a keylogger made by a California, US spyco, Carrier IQ, which is apparently very widely deployed without the knowledge or consent of consumers in Androids, Blackberries, EVOs, and iPhones (but maybe not Windows phones!), may provide further evidence supporting such speculations:
- (Long and detailed) untitled blog post, Android Police, 4 October 2011
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

Quote:
Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.... In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in. That is not the case. What Trevor found is only the tip of the iceberg... currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:
- the list of user accounts, including email addresses and sync status for each
- last known network and GPS locations and a limited previous history of locations
- phone numbers from the phone log
- SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info

Quote:
In addition to Carrier IQ (CIQ) that was planted by HTC/Sprint and prompted all kinds of questions a while ago, HTC also included another app called HtcLoggers.apk. This app is capable of collecting all kinds of data, as I mentioned above, and then... provide it to anyone who asks for it by opening a local port. Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission.

Two points here: (i) Carrier IQ is logging vast amounts of personal information without the knowledge or consent of consumers, who do not even have an "opt-out". (ii) They appear to have made no attempt to prevent others from accessing all the data they forcibly collect. Consumers might not have known about the Carrier IQ logs until Trevor Eckhart's revelations--- but information-stealing crooks and private investigators probably did.

- Carrier IQ defends against Android rootkits accusation
Handset makers and carriers to blame
Lawrence Latif, The Inquirer, 17 November 2011
www.theinquirer.net/inquirer/news/2125853/carrier-iq-defends-android-rootkits-accusation

Quote:
Carrier IQ, which claims to provide 'mobile intelligence', has been accused of supplying rootkits that track user interactions on smartphones. Carrier IQ's software is found on many operating systems including Google's Android and records application runtimes, media playback, location statistics and when calls are received.

- Android researcher: Carrier IQ 'diagnostic' tool really a rootkit spy
Elinor Mills, CNET News, 17 November 2011

Quote:
Android developer Trevor Eckhart recently noticed something odd on several EVO HTC devices: hidden software that phoned home to the carrier with details about how the phone was being used and where it was. The software, Carrier IQ, tracked the location of the phone, what keys were pressed, which Web pages were visited, when calls were placed, and other information on how the device is used and when.

- Mobile ‘Rootkit’ Maker Tries to Silence Critical Android Dev
David Kravets, Wired, 22 November 2011
http://www.wired.com/threatlevel/2011/11/rootkit-brouhaha/

Quote:
A data-logging software company is seeking to squash an Android developer’s critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company’s training manuals from his website. Though the software is installed on millions of Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user’s phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent... Eckhart called the software a “rootkit,” a security term that refers to software installed at a low level on a device, without a user’s consent or knowledge, in order to secretly intercept the device’s workings. ... the Electronic Frontier Foundation announced it had come to the assistance of the 25-year-old Eckhart of Connecticut, whom Carrier IQ claims has breached copyright law for reposting the manuals.

(The manuals were available to all at Carrier IQ's own website!) When Kravets asked a Carrier IQ spokesman about the capabilities of its spyware, he was told:

Quote:
He said the company’s wares are for “gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.” “We’re not looking at texts. We’re counting things. How many texts did you send and how many failed. That’s the level of metrics that are being gathered,” he said. He answered “probably yes” when asked whether the company could read the text messages if it wanted.

See "encoded text (not sure yet if it's possible to decode it, but very likely)" in the previous item. IMO, installing a "keylogging rootkit for the purpose of spying" appears to be a reasonable description of what Carrier IQ is doing to millions of consumers. How can that possibly be legal, even in the USA? The answer, I speculate, may be that this is yet another "public-private partnership" in which the government ignores illegal secret data collection, so long as it gets free access to all that data.

- Carrier IQ sends a stiff letter to a security researcher
Not happy with its own documents
Lawrence Latif, The Inquirer, 22 November 2011
www.theinquirer.net/inquirer/news/2126899/carrier-iq-sends-stiff-letter-security-researcher

Quote:
SECURITY RESEARCHER Trevor Eckhart has received a cease and desist letter from Carrier IQ following his investigation into the firm's mobile phone analytics software.... The Electronic Frontier Foundation (EFF), which represents Eckhart, published a letter it sent to Carrier IQ's lawyers arguing that the publication of training documents is "classic fair use and, therefore, non-infringing". The EFF continued by saying that the dissemination of information was in the public interest.

- Data logging outfit tries to silence whistleblower
Threatens to sue
Nick Farrell, Tech Eye, 23 November 2011
news.techeye.net/security/data-logging-outfit-tries-to-silence-whistleblower

Quote:
A data logging outfit is trying to silence an Android developer who blew the whistle on its software that is secretly installed on millions of phones.... Carrier IQ was furious at his pronouncements and... issued a cease-and-desist notice, saying Eckhart was in breach of copyright law and could face damages of as much as $150,000, the maximum allowed under US copyright law per violation. The company removed the manuals from its own website and is demanding that he stop calling its product a rootkit... the legal threat was a bullying technique to get Eckhart to shut up. Marcia Hofmann, an EFF senior staff attorney, said the civil rights group has decided that "Carrier IQ's real goal is to suppress Eckhart's research and prevent others from verifying his findings."

- Software maker sorry for trying to silence security researcher
Withdraws legal threats over mobile 'rootkit' claims
Dan Goodin, The Register, 24 November 2011
http://www.theregister.co.uk/2011/11/24/carrier_iq_about_face/

Quote:
In a statement issued on Wednesday, Mountain View, California-based Carrier IQ apologized to Trevor Eckhart for threatening to sue him for publishing training manuals he said supported his rootkit characterization. The about-face came a few days after the Connecticut-based Android developer received legal support from the Electronic Frontier Foundation, which asserted his postings were protected by the US Constitution's First Amendment.... Eckhart's posting claimed that Carrier IQ software was able to log detailed information on millions of phones powered by Google's Android, Research in Motion's Blackberry, and Nokia operating systems. A user's GPS coordinates, key taps, and websites visited were just some of the details phone makers and carriers used the software to track, he claimed. Eckhart also objected to the lack of disclosure given to handset owners that their devices contained the software. In some cases, he said, Carrier IQ versions were modified so phones showed no signs the software was installed and running. That led to claims Carrier IQ was no different than rootkits installed to secretly track and control devices.

- Carrier IQ apologises to security researcher and withdraws cease and desist letter
Sees the error of its ways
Lawrence Latif, The Inquirer, 24 November 2011
www.theinquirer.net/inquirer/news/2127559/carrier-iq-apologises-security-researcher-withdraws-cease-desist-letter

Quote:
MOBILE ANALYTICS FIRM Carrier IQ has withdrawn its cease and desist letter to security researcher Trevor Eckhart following intervention by the Electronic Frontier Foundation (EFF)... Being fair to Carrier IQ, it isn't the only company that provides mobile analytics software, and it was the handset makers and mobile operators that chose to load the software onto handsets. Some third party Android distributions such as Cyanogenmod claim to have removed Carrier IQ's software completely.

- Carrier IQ Video Shows Alarming Capabilities Of Mobile Tracking Software
Devin Coldewey, Techcrunch, 29 November 2011
techcrunch.com/2011/11/29/carrier-iq-video-shows-alarming-capabilities-of-mobile-tracking-software/

Quote:
You may be aware of the growing controversy surrounding Carrier IQ, a piece of software found pre-installed on Sprint phones that, according to developers who have investigated, is capable of detecting, recording, and transmitting various user actions and inputs. Among the data CIQ potentially has access to are location, SMS, apps, and key presses... News of the software has been percolating for months on development forums, but when Trevor Eckhart recently summarized his findings, he found himself facing a cease and desist while Sprint vigorously denied the charges, saying “We do not and cannot look at the contents of messages, photos, videos, etc., using this tool.”

Sprint does not, because it hires Carrier IQ to do that, yes?

- Android handsets secretly logging keystrokes, SMS messages?
Don Reisinger, CNET News, 30 November 2011

Quote:
Carrier IQ [attempted] to clarify what its software doesn't do, including record keystrokes, provide tracking tools, or inspect "the content of e-mails and SMSs." The company also argued that its software does not "provide real-time data reporting to any customer." But Eckhart's new video seems to refute at least some of those claims. In one part of the clip, he shows how an entire SMS message--"hello world"--was recorded by Carrier IQ's software. In another example, he demonstrates how a Google search, his location, and other key information is recorded by Carrier IQ's application, even though he was on Wi-Fi and a page secured by HTTPS. "The Carrier IQ application is receiving not only HTTP strings directly from browser, but also HTTPs strings," Eckhart wrote in a blog post. "HTTPs data is the only thing protecting much of the 'secure' Internet. Queries of what you search, HTTPs plain text login strings (yuck, but yes), even exact details of objects on page are shown in the JS/CSS/GIF files above--and can be seen going into the Carrier IQ application." Perhaps most troublesome is that users don't know where their information is going or how it's being used.

- BUSTED! Secret app on millions of phones logs key taps
Researcher says seeing is believing
Dan Goodin, The Register, 30 November 2011
www.theregister.co.uk/2011/11/30/smartphone_spying_app/

Quote:
Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software. Ironically, he says, the Carrier IQ software recorded the “hello world” dispatch even before it was displayed on his handset.... In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected claims the software posed a privacy threat because it never captured key presses... Coward went on to say that Carrier IQ was a diagnostic tool designed to give network carriers and device manufacturers detailed information about the causes of dropped calls and other performance issues.

So they "need" to "test" everyone's cell phone transmissions 365/24/60/60? Really? Really?

Quote:
Eckhart said he chose the HTC phone purely for demonstration purposes. Blackberrys, other Android-powered handsets, and smartphones from Nokia contain the same snooping software, he claims.
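The HtcLoggers passage quoted from Android Police describes the exposure class worth checking for on one's own handset: a pre-installed app that opens a local port any other app with INTERNET permission can connect to. As an added example (not from the post or any of the articles quoted), the Python below parses a /proc/net/tcp dump of the kind `adb shell cat /proc/net/tcp` returns and lists the sockets in LISTEN state together with the UID that owns each; the sample dump is constructed, and the rule that UIDs of 10000 and above belong to installed apps is Android's convention.

```python
import socket
import struct
from dataclasses import dataclass

LISTEN = 0x0A          # TCP state code for LISTEN as printed in /proc/net/tcp
FIRST_APP_UID = 10000  # Android hands out UIDs for installed apps starting here

# Constructed sample in /proc/net/tcp layout (not captured from a real device):
# a localhost listener on port 6542 owned by app UID 10052, an all-interfaces
# listener on port 5555 owned by the shell user (UID 2000), and one
# established connection, which the check must ignore.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:198E 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10052        0 18231 1 0 100 0 0 10 0
   1: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 18002 1 0 100 0 0 10 0
   2: 0F02000A:B2C4 8E6D7D4A:01BB 01 00000000:00000000 00:00000000 00000000 10034        0 19550 1 0 20 4 30 10 -1
"""

@dataclass(frozen=True)
class Listener:
    addr: str   # bound IPv4 address; "0.0.0.0" means every interface
    port: int
    uid: int    # owning UID; >= FIRST_APP_UID means an installed app

    @property
    def app_owned(self) -> bool:
        return self.uid >= FIRST_APP_UID

def _decode_addr(hex_addr: str) -> tuple[str, int]:
    """Turn '0100007F:198E' into ('127.0.0.1', 6542).

    The kernel prints the IPv4 address in native byte order, which is
    little-endian on the ARM and x86 devices this check targets.
    """
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listening_sockets(proc_net_tcp: str) -> list[Listener]:
    """Return every socket in LISTEN state with its bound address, port and owner UID."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # first row is the column header
        fields = line.split()
        if len(fields) < 8 or int(fields[3], 16) != LISTEN:
            continue
        addr, port = _decode_addr(fields[1])
        found.append(Listener(addr, port, int(fields[7])))
    return found

def app_listeners(proc_net_tcp: str) -> list[Listener]:
    """Listeners owned by app UIDs: local services any other socket-capable app can reach."""
    return [l for l in listening_sockets(proc_net_tcp) if l.app_owned]
```

Mapping a flagged UID back to a package name is a separate step (for example via the device's package manager), so the output here is the list of ports and owners to investigate, not a verdict.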